Windows
Analysis Report
Copyright_Infringement_Evidence.exe
Overview
General Information
Detection
Score: | 45 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Copyright_Infringement_Evidence.exe (PID: 4788 cmdline: "C:\Users\user\Desktop\Copyright_Infringement_Evidence.exe" MD5: DE2B7EC32D3A5C530E5A1AA6F2B27B16)
- cmd.exe (PID: 1408 cmdline: "cmd" /C start C:\Users\Public\Documents\infringing_content.pdf MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- conhost.exe (PID: 2544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- Acrobat.exe (PID: 2276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\Public\Documents\infringing_content.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 6492 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1676,i,12330115841079905350,608635462842838365,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Code function: | 0_2_00007FF6F37AF110 | |
Source: | Code function: | 0_2_00007FF6F3823050 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | IP Address: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6F38FA4C8 | |
Source: | Code function: | 0_2_00007FF6F38FA4A0 | |
Source: | Code function: | 0_2_00007FF6F38FA4A0 | |
Source: | Code function: | 0_2_00007FF6F38945F0 |
Source: | Code function: | 0_2_00007FF6F37C8FE7 | |
Source: | Code function: | 0_2_00007FF6F37A4CC5 | |
Source: | Code function: | 0_2_00007FF6F38EECC0 | |
Source: | Code function: | 0_2_00007FF6F3835CF0 | |
Source: | Code function: | 0_2_00007FF6F37EB440 | |
Source: | Code function: | 0_2_00007FF6F38EA440 | |
Source: | Code function: | 0_2_00007FF6F37E8CA0 | |
Source: | Code function: | 0_2_00007FF6F38434B0 | |
Source: | Code function: | 0_2_00007FF6F38F14A0 | |
Source: | Code function: | 0_2_00007FF6F37AABD7 | |
Source: | Code function: | 0_2_00007FF6F3852370 | |
Source: | Code function: | 0_2_00007FF6F37B33B2 | |
Source: | Code function: | 0_2_00007FF6F387C2F0 | |
Source: | Code function: | 0_2_00007FF6F381C310 | |
Source: | Code function: | 0_2_00007FF6F3881300 | |
Source: | Code function: | 0_2_00007FF6F3836A40 | |
Source: | Code function: | 0_2_00007FF6F38E4260 | |
Source: | Code function: | 0_2_00007FF6F38E8AB0 | |
Source: | Code function: | 0_2_00007FF6F38F32A0 | |
Source: | Code function: | 0_2_00007FF6F384E2A0 | |
Source: | Code function: | 0_2_00007FF6F37E81F0 | |
Source: | Code function: | 0_2_00007FF6F38E2A00 | |
Source: | Code function: | 0_2_00007FF6F37F7230 | |
Source: | Code function: | 0_2_00007FF6F37E88E0 | |
Source: | Code function: | 0_2_00007FF6F38C6060 | |
Source: | Code function: | 0_2_00007FF6F38EB060 | |
Source: | Code function: | 0_2_00007FF6F37E8070 | |
Source: | Code function: | 0_2_00007FF6F37F78B0 | |
Source: | Code function: | 0_2_00007FF6F38F8830 | |
Source: | Code function: | 0_2_00007FF6F383AF70 | |
Source: | Code function: | 0_2_00007FF6F38EBFA0 | |
Source: | Code function: | 0_2_00007FF6F38E96D0 | |
Source: | Code function: | 0_2_00007FF6F384E650 | |
Source: | Code function: | 0_2_00007FF6F3888E90 | |
Source: | Code function: | 0_2_00007FF6F3836690 | |
Source: | Code function: | 0_2_00007FF6F38EDE80 | |
Source: | Code function: | 0_2_00007FF6F37E7E10 | |
Source: | Code function: | 0_2_00007FF6F38EE570 | |
Source: | Code function: | 0_2_00007FF6F38DF580 |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Classification label: |
Source: | Initial sample: | ||
Source: | File created: | |
Source: | Mutant created: |
Source: | File created: | |
Source: | Static PE information: |
Source: | File read: | |
Source: | Key opened: | |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | String found in binary or memory: |
Source: | Process created: | |||
Source: | Section loaded: | |||
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Icon embedded in binary file: |
Source: | Process information set: | |||
Source: | API coverage: |
Source: | Code function: | 0_2_00007FF6F38BF700 |
Source: | Binary or memory string: |
Source: | Process information queried: | |
Source: | Code function: | 0_2_00007FF6F38FA298 |
Source: | Memory allocated: | |
Source: | Process created: | |
Source: | Code function: | 0_2_00007FF6F38EC7CC |
Source: | Key value queried: | |
Source: | Directory queried: | |
Source: | Code function: | 0_2_00007FF6F38940C0 | |
Source: | Code function: | 0_2_00007FF6F38D6DF0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 11 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 4 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | Win64.Trojan.XWorm | ||
36% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
96.17.64.189 | unknown | United States | 16625 | AKAMAI-ASUS | false |
65.52.240.233 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
172.67.158.129 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528565 |
Start date and time: | 2024-10-08 02:07:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Copyright_Infringement_Evidence.exe |
Detection: | MAL |
Classification: | mal45.winEXE@20/48@0/3 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 162.159.61.3, 172.64.41.3, 2.19.126.149, 2.19.126.143, 2.23.197.184, 2.22.242.11, 2.22.242.123, 192.168.2.6, 23.219.161.139
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
20:08:15 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
96.17.64.189 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Rhysida | Browse | |||
Get hash | malicious | Rhysida | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Rhysida | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Phisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
65.52.240.233 | Get hash | malicious | XWorm | Browse | ||
Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | XWorm | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Xmrig | Browse |
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
AKAMAI-ASUS | Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
Process: | C:\Users\user\Desktop\Copyright_Infringement_Evidence.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3698 |
Entropy (8bit): | 3.6134166039132762 |
Encrypted: | false |
SSDEEP: | 48:bU7SAd0++d0Hzd0Yz0/ZoP9ECr0LwK6PKEFsyZGiH7AHCriVK2Fg2MXd0Gd0bCZW:cG++GHzGXRoqwRe0HkHCriBFg2+GGGbL |
MD5: | 7C17AF79AEADB3A70C273C1C8D68C557 |
SHA1: | D8858DFD4CF980E7DA75B6D4283E14BABC204D5A |
SHA-256: | F91EB35B1736D16470421D8C46AF77F33FC169D9C6E0299D5AC76EB30A336888 |
SHA-512: | 207EF3F65BCB3277DD7B1E7602C7F043559FC0574CBE2547096DC903F333E0B5682F60408BCC637ED0D4022AAC3912C3A7CE821938292E1851FA7A41DEE5ED75 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Copyright_Infringement_Evidence.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 602549 |
Entropy (8bit): | 7.583560953538365 |
Encrypted: | false |
SSDEEP: | 6144:ImSf+xltDfOuS5yL8RRerLmCRIy/HUBFEfr6BLDNBBu6k+5VRWY0PPJ+CzuyOJMX:NxrUgo36UBGfr899k+52LZIejmPWLgc |
MD5: | F13B905D7933DD61552424BB53C9D881 |
SHA1: | A3EE3CAC7FD6AFF2F21155D3EC351285DA7BF038 |
SHA-256: | 4870E5C0271F309D8F3A04616C52AF34E1E5478810D6B6DA9B6F7D831658BED3 |
SHA-512: | 36C9414FD898E4D703D0D5A9AC974FC32480047CF60CE07782A5D52D9C8A51CDC84A3C1D45A36967A5301E7326BE0DB198ED3DB06EBAA13F748545F2A33C34C6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.158702411717043 |
Encrypted: | false |
SSDEEP: | 6:tTHQOq2PN72nKuAl9OmbnIFUt8sTZmw+sJkwON72nKuAl9OmbjLJ:h5vVaHAahFUt8I/+Q5OaHAaSJ |
MD5: | 9C7A55F42963269B99E66B2CDBC86F2F |
SHA1: | 884429E005B98715C344367BF6BA7C1748122D16 |
SHA-256: | 7D400D7A24EBBF9C7658F6052DCE2498221ED2D08918DE67043C74CC21A4E16C |
SHA-512: | 418764BC90F0C5C0D1C43C1E1C632B1118DC76CA93575B3A1820DDC14E19DEC1C5E9675BD7F87F0A5750D4CC948C16867CFC30E95E1CD7351E086382F6F02A24 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.158702411717043 |
Encrypted: | false |
SSDEEP: | 6:tTHQOq2PN72nKuAl9OmbnIFUt8sTZmw+sJkwON72nKuAl9OmbjLJ:h5vVaHAahFUt8I/+Q5OaHAaSJ |
MD5: | 9C7A55F42963269B99E66B2CDBC86F2F |
SHA1: | 884429E005B98715C344367BF6BA7C1748122D16 |
SHA-256: | 7D400D7A24EBBF9C7658F6052DCE2498221ED2D08918DE67043C74CC21A4E16C |
SHA-512: | 418764BC90F0C5C0D1C43C1E1C632B1118DC76CA93575B3A1820DDC14E19DEC1C5E9675BD7F87F0A5750D4CC948C16867CFC30E95E1CD7351E086382F6F02A24 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.1267661000232545 |
Encrypted: | false |
SSDEEP: | 6:tdaCVq2PN72nKuAl9Ombzo2jMGIFUt8sd9kgZmw+sddIkwON72nKuAl9Ombzo2jz:SevVaHAa8uFUt8qN/+75OaHAa8RJ |
MD5: | EFCF9A79B8A9B2995EED1C2F3AE108F0 |
SHA1: | A4B1DFF99EE996602AC9A6CC8A7F9892BD8E5CAE |
SHA-256: | 537BFAE0156BD1D600FD925E4C8525469E6442A53C7465C7ECAFD807EF65D789 |
SHA-512: | 4B01F4483243955C958B7BF3B0C8F777E0570F3B260FE038F6C10C3C866E4F1F326A6B7F416CCAAD6C5084FA6DC85B77EA47DB7562E84C1A2A0BA40D0FA85F3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 342 |
Entropy (8bit): | 5.1267661000232545 |
Encrypted: | false |
SSDEEP: | 6:tdaCVq2PN72nKuAl9Ombzo2jMGIFUt8sd9kgZmw+sddIkwON72nKuAl9Ombzo2jz:SevVaHAa8uFUt8qN/+75OaHAa8RJ |
MD5: | EFCF9A79B8A9B2995EED1C2F3AE108F0 |
SHA1: | A4B1DFF99EE996602AC9A6CC8A7F9892BD8E5CAE |
SHA-256: | 537BFAE0156BD1D600FD925E4C8525469E6442A53C7465C7ECAFD807EF65D789 |
SHA-512: | 4B01F4483243955C958B7BF3B0C8F777E0570F3B260FE038F6C10C3C866E4F1F326A6B7F416CCAAD6C5084FA6DC85B77EA47DB7562E84C1A2A0BA40D0FA85F3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\62c9f349-4d9c-40d1-bfca-a8591e137e70.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.971614384201897 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqoZsBdOg2HBcaq3QYiubcP7E4T3y:Y2sRdskdMH43QYhbA7nby |
MD5: | B9EA1425A14D368BD3AEB98D23E08930 |
SHA1: | D606E67E2ADC89D8024AA1CC8B3201E22F66441D |
SHA-256: | 050BB1EBAB398CB1711B5EA5B3BC34919B1E0F602D9798C5986B7B9C7180EA9F |
SHA-512: | D23D83241CAF08FCC81B6E4AC25CD13D780553FED401F415462B71B91B31CFB6225FFF2383AC153660C3EA32642DB13FE050CF556BAF43FFD5F5C413CB4F98C3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.971614384201897 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqoZsBdOg2HBcaq3QYiubcP7E4T3y:Y2sRdskdMH43QYhbA7nby |
MD5: | B9EA1425A14D368BD3AEB98D23E08930 |
SHA1: | D606E67E2ADC89D8024AA1CC8B3201E22F66441D |
SHA-256: | 050BB1EBAB398CB1711B5EA5B3BC34919B1E0F602D9798C5986B7B9C7180EA9F |
SHA-512: | D23D83241CAF08FCC81B6E4AC25CD13D780553FED401F415462B71B91B31CFB6225FFF2383AC153660C3EA32642DB13FE050CF556BAF43FFD5F5C413CB4F98C3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5449 |
Entropy (8bit): | 5.248689601040043 |
Encrypted: | false |
SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7CoeJN:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhW |
MD5: | 998EE209EF92F69ECF110C005AB69F32 |
SHA1: | FDE84E497EA93DF775DF218D0D9162C62A925B9F |
SHA-256: | CD21548326AB5C378DCBD7D20B200687924E66B0D9EF0A4C9F6A64B3F82F49C9 |
SHA-512: | 56ADB01C60E33300957C02317A34BE8D5F015EB93E22D19F4E226503FEEF811CAD0A457CF33191D3C4E2F041B70A824115F545FD1DE13B28CFEC8FF83567754E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.10564908614351 |
Encrypted: | false |
SSDEEP: | 6:pXU/Vq2PN72nKuAl9OmbzNMxIFUt8oTKSgZmw+odv9IkwON72nKuAl9OmbzNMFLJ:5UdvVaHAa8jFUt8OKX/+f5OaHAa84J |
MD5: | F884E993E4616502C4C0A9067BA7E4DD |
SHA1: | C4131AFFD54EA230BB5A2CB0F70E7CAA34BBC957 |
SHA-256: | FC9E462FE050754C505D4E1DD74E642154B0292BAA25ACD44996B6C6027626E0 |
SHA-512: | C6FBDDAE79ED8EA46339CA09C811F94EE7BE365A721DA44736E81473DD596FB1D48FFC4647C3FF9B912A37C2E093F0B6C7282AE21F0177E6251F4FB2ED1C1033 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 5.10564908614351 |
Encrypted: | false |
SSDEEP: | 6:pXU/Vq2PN72nKuAl9OmbzNMxIFUt8oTKSgZmw+odv9IkwON72nKuAl9OmbzNMFLJ:5UdvVaHAa8jFUt8OKX/+f5OaHAa84J |
MD5: | F884E993E4616502C4C0A9067BA7E4DD |
SHA1: | C4131AFFD54EA230BB5A2CB0F70E7CAA34BBC957 |
SHA-256: | FC9E462FE050754C505D4E1DD74E642154B0292BAA25ACD44996B6C6027626E0 |
SHA-512: | C6FBDDAE79ED8EA46339CA09C811F94EE7BE365A721DA44736E81473DD596FB1D48FFC4647C3FF9B912A37C2E093F0B6C7282AE21F0177E6251F4FB2ED1C1033 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008000806Z-161.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69366 |
Entropy (8bit): | 1.0231270840068825 |
Encrypted: | false |
SSDEEP: | 192:LQOAQN/cyFc3I8ckqURXyVxLD3fPWlpBlwXBrRDwB:cqMX4PW/BlwE |
MD5: | 7B83F414A3BE1352DA6090C489C76EB3 |
SHA1: | AA53121D461DCDC90D9DC2A0D85D47AE219AB841 |
SHA-256: | 71B3088E67EE6D601A8B294338D4BD4B9275D804655F8C0406E9EB33134D9AFD |
SHA-512: | A3A7BE4E5F9242450B03E9EF9003C9E8BE725E317700C46214DC5233F12F8F6E69F116D6D208FC15F60A3C2D5B37A3EF32C955B359B563A9D00DC9A4BF4E0E1D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444557302876807 |
Encrypted: | false |
SSDEEP: | 384:Seuci5t5iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Sas3OazzU89UTTgUL |
MD5: | C48DFD072625696DBE6129FBA84661E7 |
SHA1: | 070FD592F1F7572CFE5E6149DCE03D627B112313 |
SHA-256: | 614BFA2AA47075DA75B18711F696463EEA5953BBA73311E034E534A8FCE969E9 |
SHA-512: | D7585E00C684D0B66A6D38771966C93A757961A73F257510F10BCCBD833CEC3602F040AA948E575213F4A52610C68F01A22CE9F5F2C2152BF2AD37643E5DC829 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 2.2154361134216476 |
Encrypted: | false |
SSDEEP: | 24:7+tsRnuwKnRqLLzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf96:7MCnCRqPmFTIF3XmHjBoGGR+jMz+Lhc |
MD5: | 143246609575403B8002E4A74F031315 |
SHA1: | D1BAE117B3F9008FE8D53A5A0BA076E11CD4E2F7 |
SHA-256: | E5A910ADCEAB73EAE31B357AD8AA88877B21D184E552A19CA16B1FBFABC4E886 |
SHA-512: | 570DA8EDA5C5B307FF570BD8B2DC8835A6F0B72F7D0AB635AF789A7B1EA348E952A5C2B1BA644F75216C6FEDEC0D1085E219FE0E374AA4E0E1CC8F300562D73E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.779094196322516 |
Encrypted: | false |
SSDEEP: | 3:kkFkla78Nl1fllXlE/HT8kxJrtNNX8RolJuRdxLlGB9lQRYwpDdt:kKD78Nl2T84FTNMa8RdWBwRd |
MD5: | D88C9D2C5CC335831F8A3CD7561B31DE |
SHA1: | 37AD8E384C0C84C7D4F0B63F1B5DBB4131DB5B58 |
SHA-256: | C866399AE0D3D87FDAD83B7C74C1A402B30F7A7EC19693D4C0726DA170752B5F |
SHA-512: | 1DB69FA5F2FA8A61B42D1615E59012CECF1AC5B0D725802D8C112A53B222019A0189D642E7C8F1A0DC301ADA44B095912EB967F2266A36B89D2E557EF708F6E9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.361714753103708 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJM3g98kUwPeUkwRe9:YvXKXFu10c8GMbLUkee9 |
MD5: | 748CE588A522B77BD477EBE306BB9635 |
SHA1: | 914B938942AA8ADAB6A272008C1976646A07FA1D |
SHA-256: | 0EF37425693D84CF87E4CA4E0511B40B65EEF8792CB1524064E6E8DDF4E8776E |
SHA-512: | 3672681E76D5DC2D8D0AC209BBC8062D1B0FB733F2D8DEAFA4E71B7301309FA0EE14268130F982756C396E1EFE1F59C4D2033F1B77867FBF39A373B9E199F2E8 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3113019758752555 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfBoTfXpnrPeUkwRe9:YvXKXFu10c8GWTfXcUkee9 |
MD5: | E8439C839BE7261A9AA12A81D3538D27 |
SHA1: | E8C7790F39762088CE54E725024D9D30C879A933 |
SHA-256: | 86AC3FBEFE169840853E5D89D06DCC14F21FEB1F2C8B55CE5EC99B6BADF1CD82 |
SHA-512: | 7B43EBDA64B1C554E5A2FA8E60822321349DC0130251B3761971FF6FF2C045972107C5A8EE566D36B451C30A80BFFE0640EE23B4B40AEF9FB84C2504C5EDA925 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.289713649140117 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfBD2G6UpnrPeUkwRe9:YvXKXFu10c8GR22cUkee9 |
MD5: | 51AC9E08DE878074BFC50180B6F628E2 |
SHA1: | 0BF7E4CC1659E084F2395469EA20808C24C0E62C |
SHA-256: | ED697EAB7143641E68D04DD05227F9AE4AE14CD0F3710548CF6B41F053F705E3 |
SHA-512: | 8FC0D0D79DD8FACB0BAC53C09B70578F50DF3654354E34494BD4030A1FCC8258E7C1F6986748617D428F0E350EC7955BD7AF50E07AECE0A454D0269D514B8E61 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.3416794819882245 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfPmwrPeUkwRe9:YvXKXFu10c8GH56Ukee9 |
MD5: | CBD3B1B13B7932AE3FCC174AB241DE32 |
SHA1: | 0BD90888788948506D9A006CDEA37B0C5BEF131E |
SHA-256: | 798968BDC308A49B9049372D0DC371F2F1F07BB836CF76C87B0CC04127B04282 |
SHA-512: | 5B3E2637CE5B9F7729A98BEF5FFF4D59FA5EFB8363A3F6952A81F3FD08AA57B8DE413B2B8CC4ECA21214E36E3F162E94A341C2A61B694FA98656638723B2E75D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1091 |
Entropy (8bit): | 5.686316371438986 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAP5pLgE7cgD6SOGtnnl0RCmK8czOCYvSa:YvNhgs6SraAh8cvYKa |
MD5: | 3661D648068ABFC5F979A30F7D9BD508 |
SHA1: | F8BCDBDD7300BEB20E22EEF0FCAD0D05DC032F68 |
SHA-256: | EABFDAB74BBD8649A12A2E61977C7B8D2935B3D86ABD0F08B37D12B887DC1836 |
SHA-512: | 2354C5D027DF7AD0F6D1BFF0AEC6F0E94DF5A47BFFC083363AC8392F628CB4972C050FBB024A987C4D7CB20B7B4281FC24D43B2D0FF203ECDBDD93E07C79E127 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.651142570448931 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAP1VLgEF0c7sbnl0RCmK8czOCYHflEpwiVP:YvRFg6sGAh8cvYHWpwa |
MD5: | DED85775294EF8BE525D3EFCD8857142 |
SHA1: | 0C6B49BD1A83DE6C23B5AE0BE9B415812941CE40 |
SHA-256: | 13661CE06A1A57B41D9B073FCA31BC7B7390E8B7FF0E512E63343CBCB08DF826 |
SHA-512: | 27BB52CAC7BBAF049DC7B2681AE301A804C802A01F35778FBBEF02A3784BE262F272E153E7A667E10BCA1333C133913965CB090F7FD5CD7AB0FF2428C5BDB588 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.291129042111949 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfQ1rPeUkwRe9:YvXKXFu10c8GY16Ukee9 |
MD5: | C99DC41959E37DE8E37891F31C315EA4 |
SHA1: | 82E5DFB94E9C7B820AFF166F57E8593D34BD2AC2 |
SHA-256: | FB41E4500CD4E86A92AA70E6EEAA12CCD5E9440F4709E5176AA85F5FC747C8E0 |
SHA-512: | AA39EDB8554206DFAD1316560EA733B02BC9EB2A3D910547F167E244C0EC66BE457ACA0953003990EC854CC166B5AF0239E9A9B395A41C018D7B5E9980AD4364 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1098 |
Entropy (8bit): | 5.686553778658615 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAPU2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSa:YvAogq2SrhAh8cvUgEma |
MD5: | 24C9B7186A9768C6390F7956EB90FC1A |
SHA1: | 6181C16342D5F5CBEA0FE57AA81FD0BC4DC5F8DA |
SHA-256: | F13914780C865E08DD9549FBD229BFA313EE870034F98DC82C7273E8135F7968 |
SHA-512: | 0A0929F337D2FFC28ED1443F1D05AB59B7AD907B79D2A76586A8F43CF75E873740877B3C439CDE0255895CCDB9CB02164C31204618C05624C4CA5E18F7FECA5A |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.699202267122071 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAPkKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5P:YvIEgqprtrS5OZjSlwTmAfSK5 |
MD5: | 09236195CC8ACDDE246AC11D23FD5D76 |
SHA1: | CCBD92A6AF0C965780EBA1F081D07962492A7E54 |
SHA-256: | E8DA45FD097223CA63219D9825C447E22CF38DF08AAC824E98DDE64B8BA616A9 |
SHA-512: | 0F819F802A820D042B135E78AB08993A9C84A8CAF71DE25C79813F55CA6950355CD1A63DCDE2C9B4A90008A2721DFFE6BD49589F29F9B96F556465941DE976CB |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296595959919441 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfYdPeUkwRe9:YvXKXFu10c8Gg8Ukee9 |
MD5: | ECD44285D129264C4AD788E354CDF6F4 |
SHA1: | 17187B9B3FF5FAD06A18D104743EDD4398C84B12 |
SHA-256: | F6ACE19898223039D9399D24BAAC57FB08394BE68717E56D56CA7AE1BFB8FA54 |
SHA-512: | 2EA7E08CDFC58E98B7EDFF2D1328F2E6BC195B8062E8F51D928B3BC2DBD1B69CD7AB197F26D15B0814671D0C5A7E0128A6DF4C92B8652972AC476007BEF66392 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.777066431243948 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAPLrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNH:YvnHgDv3W2aYQfgB5OUupHrQ9FJ5 |
MD5: | 9C00F58ADFFEF8F7369525BF40C78C5D |
SHA1: | ED465C51251EEB940DE21B16EA28FBD5F0158CDB |
SHA-256: | 4AAE558EA47D1A3472A2F73A2650959145A4B4DD27E6B157E49CFB867AE6888E |
SHA-512: | AF86EF850D0C3AA943405F2D78923EA4DEAA3BD14E25B11AA8EF7919E1DB2997196356C7C887207888DF8247A54EE8C9CC5CA91A099185BC07E1E997D9A06388 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.280166453057776 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfbPtdPeUkwRe9:YvXKXFu10c8GDV8Ukee9 |
MD5: | 3591E21DB0A321AC71F19080E164802B |
SHA1: | 3D7BAEA6C3A21BB2A6A663B6BC060B31C95C5A01 |
SHA-256: | F07425D58BA43B0B65945F08AA7FF375E26AE0C26CC23B148AD6441A5201110F |
SHA-512: | 41632E62326881492B184A2417B6AEBBD173CD6682D4627DDC12CFAF4F65B2F3D769FA2285A04337298E8C2074E0E544F32DED1E0A5325D7C089401DB6DBE509 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.283186275762126 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJf21rPeUkwRe9:YvXKXFu10c8G+16Ukee9 |
MD5: | E3A718E5F8141A370BFFB1A2A69F3968 |
SHA1: | 48F3FC84BACD3F3E2E66CE06B6F2AA23F45306FD |
SHA-256: | ADDE899CFCA895216DE1378CAB5DF90CC260FE0F0EAA473CD23B766FEF860D3C |
SHA-512: | F6EEA672E424F690CC7D963AC02B178F7DE69C21D170C7F13105A774DF2F37F24FB7CA917B5B87211E48036C50DC7165F5D96E6C3DE84EC5B2527124AFDE386D |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 1054 |
Entropy (8bit): | 5.665607466175489 |
Encrypted: | false |
SSDEEP: | 24:Yv6XAPJamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSa:YvpBgSXQSrOAh8cv6ma |
MD5: | 26D9EA9D9D54A25E5F2DB7B577BF159A |
SHA1: | 06B39936C3BEC7AC2CDD66505E5772397A75997C |
SHA-256: | F86B3A5D1F9F22881357E496319BAFE854A0D51AF206C50D1D7C5D042D860F44 |
SHA-512: | E73B3D40B6EF13850947E1F200556ACC9E7F3E3E53A24AC002F4C1271A6C51A492F209CCBF5EEDBAC6FFEA08F0437B84887E6130FB728A07988FD031E09BA5E9 |
Malicious: | false |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.259835870071359 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXFu1QuUnZiQ0YG0eoAvJfshHHrPeUkwRe9:YvXKXFu10c8GUUUkee9 |
MD5: | CF2C1A3976C1C6F79AFC652BAD370195 |
SHA1: | DD28A969A650929CB0709D4C28155FBB95189396 |
SHA-256: | 6E624CF7EF7B967643D8B5DEF2EC92890BBA83FF2B2AD6D1582AC49676419598 |
SHA-512: | 57C5EE631FB4BA129F6B4C72439EC2A395979987DD7C7D874024BABD37BAC4AC526BE1EEC16B097A0546886B81D2A1C3906F98473F9331492AF3A0330FBD10F7 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.362190768763558 |
Encrypted: | false |
SSDEEP: | 12:YvXKXFu10c8GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWb:Yv6XAPS168CgEXX5kcIfANha |
MD5: | 13F13486EA4BD3BF45DB9C136FC29B6E |
SHA1: | 465FD8CAFAC2021AE2172ABCD110734A67E3A3EB |
SHA-256: | 4C11B5A97DB1910F36B5C9059E0AF5831BF912580A4089BA6B401E0DB57C8CA3 |
SHA-512: | 08DCECA53FDB3D005C1DCC5D9DCE8BBC650D27BC7BF508EE17DE7A927FB8292BB17E1C45E7AA9F0ED8BB104759749D656FFA33789290DCCF9F1F5B6F73EB37FB |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.134532352075564 |
Encrypted: | false |
SSDEEP: | 24:YJE2UIaNS9X3ay4fMUJ55aPwXCtBcWCMhh+DpuEdRzXQWcljuk9Uj0S29fS/o25J:Y99XUecXMQpuOQvukM0MIR8zT9d |
MD5: | A4C8C2D1785C09CB27C0D4DEBBC10226 |
SHA1: | BF13B411AB9BB813F0B8C84AB8C3AA0317D8DB68 |
SHA-256: | E4E3FD3E91FEFE37FEA0C3C5746D7D4B98D0CFF2F8FF762E9D4F65BE5AA841CC |
SHA-512: | 8A52BD569583B6C0F5592A81EEB4927D303417EA04E364464B8B4533F4ACC49E9F4C1806F65F44872E1E11FCED6FC6F0834FEF546880DDADAF34D5ECDFED8BB2 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1463013537922702 |
Encrypted: | false |
SSDEEP: | 24:TLhx/XYKQvGJF7ursox0RZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudO:TFl2GL7msNXc+XcGNFlRYIX2v3kR |
MD5: | CAC1FC867C6E36B3704AC532E9994F85 |
SHA1: | 72DB2AAE3B82168F31066692313D6D9315E4E2A9 |
SHA-256: | A3723D8E41C313B4E50C1E2FC3368A194CF1D19181113E5F15CC0E6980A54F44 |
SHA-512: | E6395881DF41F63C9FBC102925B8F6EE9554A35C83CBD63387FF62D0458553910C2BB3CEB48B86CAFA4DBD59F63F69A778BC9850762B5D176F68AA83BBEB64B2 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.5482024805373855 |
Encrypted: | false |
SSDEEP: | 24:7+t1x0UXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxAqLxx/XYC:7MlXc+XcGNFlRYIX2vZqVl2GL7msj |
MD5: | 428BAC6DF849AC2F19ED6374121ECADE |
SHA1: | 7A223C398B27584BB0E198724CBE1ECC541CE6B1 |
SHA-256: | 0DE6FE73EDBEC83DF32C2154ED801F218AA794C61224B54B6623341613F9F605 |
SHA-512: | B5A0D72B9149FA8AD529196008C2B738D7D326F3511847ED4F10EEB92BB4E62009CAB9F4F7C02E009430462A9D99009DCF22710208E30B3B430B4ED5EA7B6977 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4953527754662135 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRwlHYlYH:Qw946cPbiOxDlbYnuRKTDYlYH |
MD5: | FF0AA85668E48EE787C808C45679AF04 |
SHA1: | 475A1783AB3FD87604760F3ECFF5B9411CDF06F6 |
SHA-256: | 43CC875009EDB91942342B7E8EAB56C468FDA27421BDFD4861D38293053525FD |
SHA-512: | 9EDB97665E30A775EA1693066483C20E0E3426367575DD546151E223722F8FA16F25743C67A75D33320B65213B82F087DB00DC31E6212F8943C3A54E91EF0CF9 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 144514 |
Entropy (8bit): | 7.992637131260696 |
Encrypted: | true |
SSDEEP: | 3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL |
MD5: | BA1716D4FB435DA6C47CE77E3667E6A8 |
SHA1: | AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF |
SHA-256: | AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D |
SHA-512: | 65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 20-08-04-931.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.338264912747007 |
Encrypted: | false |
SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
MD5: | 128A51060103D95314048C2F32A15C66 |
SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.352408944756037 |
Encrypted: | false |
SSDEEP: | 384:xnrarrekkKtdE3CS9pztj2/Xc3UNydNcPwaGowgoBrKFjn2nfw1OdSdQhuEhAJU8:kLb |
MD5: | 775CF052BC1BA7F43987193F88F59866 |
SHA1: | 0E53CBCBD7C210BE36425AA2D6964D5BBE664624 |
SHA-256: | EBCE99C379C27169AD32A9EE9185B44160F2A591D634FBD34732B2DBC882F83A |
SHA-512: | 484A07459A8DEEEB25E9B0598BD93EA7F839885F52C18318B30133B24855DB9E771B18E553F938E05D9BD9CC2B2AFB566D811DCFA4F46CDF1F345C8F6780F772 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.390861797296364 |
Encrypted: | false |
SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbo6cbTMIXlcbdz:V3fOCIdJDeiXa |
MD5: | 8D870A14077B0DA33769861738E936DF |
SHA1: | 6B19A0F6F799B6F7384DF9A6682FD4CA95C06A81 |
SHA-256: | 8237B726A2A6D7593838C244094FC56C97925CF20D6D4A77DE9B298704A6DDA0 |
SHA-512: | 0EB0EA14990FE60B9EB98CC7DD922E4ED8A36A2EF3B069B302F77BC2EBBF196DD2EA921E5CC6C38794BF175140412C7F1CAC60088CA27438FCE6C99AE517A73B |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 98682 |
Entropy (8bit): | 6.445287254681573 |
Encrypted: | false |
SSDEEP: | 1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L |
MD5: | 7113425405A05E110DC458BBF93F608A |
SHA1: | 88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF |
SHA-256: | 7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46 |
SHA-512: | 6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D |
Malicious: | false |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Category: | dropped |
Size (bytes): | 737 |
Entropy (8bit): | 7.501268097735403 |
Encrypted: | false |
SSDEEP: | 12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa |
MD5: | 5274D23C3AB7C3D5A4F3F86D4249A545 |
SHA1: | 8A3778F5083169B281B610F2036E79AEA3020192 |
SHA-256: | 8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97 |
SHA-512: | FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574 |
Malicious: | false |
Entropy (8bit): | 6.181181947626645 |
File name: | Copyright_Infringement_Evidence.exe |
File size: | 2'215'688 bytes |
MD5: | de2b7ec32d3a5c530e5a1aa6f2b27b16 |
SHA1: | 83c3c02a1c5746882094939ed4f1ab61954ff8f0 |
SHA256: | 0cf06c833517acebaebf18e5b36edccb4903a112117dbee1a19f9b76c7a7b36f |
SHA512: | e76d643dc5fad7de78172bafe3b33da231bbce76fb2c46235338e811112f32775dfd20acf770141808ee00c0e9527829933d9ec1ee04c776b774eff80168bee8 |
SSDEEP: | 24576:S/BARUsXRaTX3P/drZ6p7Ut2Qcbgn5DFIOG+N3mYm8hz8UQn652/BJOD:i2HXRWXdrEDQ0gn5xfG+8H8hz8rdm |
TLSH: | 8CA53942F74689EAC469D1B48346A332FA71BC4D47347BDB5B948A713E21BD06F3C298 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........k...8...8...8..$8...8.W.9...8.W.9...8.W.9...8.W.9...8Y..9...8M..9...8...8g..8...8y..8.VH8...8.V.9...8Rich...8............... |
Icon Hash: | 357561d6dad24d55 |
Entrypoint: | 0x14014c4e8 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66FA9E2B [Mon Sep 30 12:48:43 2024 UTC] |
TLS Callbacks: | 0x40136850, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 19182dc876641424b2d2a37a50cfbbc8 |
Signature Valid: | true |
Signature Issuer: | CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | A7EEF95F5BB4BCEB5DE91A14E42E20D4 |
Thumbprint SHA-1: | B0D949125202A88EF756E702FF910631B5E1C674 |
Thumbprint SHA-256: | 8C786FFEBDA1DDDCDE787060F8C35F54BA334CE4216CC1285998097C312A8069 |
Serial: | 4AEA2FD2D3DD61D454B29A9035C7443E |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007FB838F01E60h |
dec eax |
add esp, 28h |
jmp 00007FB838F019F7h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
nop word ptr [eax+eax+00000000h] |
dec eax |
sub esp, 10h |
dec esp |
mov dword ptr [esp], edx |
dec esp |
mov dword ptr [esp+08h], ebx |
dec ebp |
xor ebx, ebx |
dec esp |
lea edx, dword ptr [esp+18h] |
dec esp |
sub edx, eax |
dec ebp |
cmovb edx, ebx |
dec esp |
mov ebx, dword ptr [00000010h] |
dec ebp |
cmp edx, ebx |
jnc 00007FB838F01B98h |
inc cx |
and edx, 8D4DF000h |
wait |
add al, dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1fdd94 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x20d000 | 0xc558 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x204000 | 0x8730 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x21a600 | 0x2908 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x21a000 | 0x4634 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1f69a0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1f6a00 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1f6860 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15a000 | 0x5d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1587df | 0x158800 | f509cf50b3d0c3b1da083b472ef5cf90 | False | 0.4795049437590711 | zlib compressed data | 6.248432562026271 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15a000 | 0xa5338 | 0xa5400 | 7514b7ade42a69ee494612b541a82b1d | False | 0.3238907668305598 | data | 5.200245215792879 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x200000 | 0x3210 | 0x3000 | bcfa5243990121eab858b80f58c48d0a | False | 0.16455078125 | data | 2.3941424673001555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x204000 | 0x8730 | 0x8800 | a3be1f4e08902f8d9970ee643f09ca87 | False | 0.5124368106617647 | data | 5.929425986666682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x20d000 | 0xc558 | 0xc600 | e0aed75b31869848bbe73399d7b9d461 | False | 0.23439472853535354 | data | 4.5009680803180085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x21a000 | 0x4634 | 0x4800 | 1fd106fb7456ec218e6216267a020315 | False | 0.4384223090277778 | data | 5.432658826770008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x20d478 | 0x18de | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9696826892868363 |
RT_ICON | 0x20ed58 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.08974964572508266 |
RT_ICON | 0x212f80 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.12935684647302906 |
RT_ICON | 0x215528 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.16553254437869822 |
RT_ICON | 0x216f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.21106941838649157 |
RT_ICON | 0x218038 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.29508196721311475 |
RT_ICON | 0x2189c0 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.33313953488372094 |
RT_ICON | 0x219078 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4592198581560284 |
RT_GROUP_ICON | 0x2194e0 | 0x76 | data | English | United States | 0.7457627118644068 |
RT_VERSION | 0x20d240 | 0x234 | data | English | United States | 0.4716312056737589 |
DLL | Import |
---|---|
api-ms-win-core-synch-l1-2-0.dll | WakeByAddressAll, WaitOnAddress, WakeByAddressSingle |
bcryptprimitives.dll | ProcessPrng |
KERNEL32.dll | GetCurrentProcess, DuplicateHandle, SetHandleInformation, CreateIoCompletionPort, GetQueuedCompletionStatusEx, PostQueuedCompletionStatus, ReadFile, GetOverlappedResult, SetFileCompletionNotificationModes, Sleep, GetModuleHandleA, GetProcAddress, FreeEnvironmentStringsW, DeleteProcThreadAttributeList, CompareStringOrdinal, GetLastError, AddVectoredExceptionHandler, SetThreadStackGuarantee, GetCurrentThread, SwitchToThread, CreateWaitableTimerExW, SetWaitableTimer, WaitForSingleObject, QueryPerformanceCounter, GetSystemInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetLastError, GetCurrentDirectoryW, GetEnvironmentStringsW, GetEnvironmentVariableW, SetFileInformationByHandle, GetStdHandle, GetCurrentProcessId, WriteFileEx, SleepEx, GetExitCodeProcess, QueryPerformanceFrequency, HeapFree, HeapReAlloc, lstrlenW, ReleaseMutex, GetProcessHeap, HeapAlloc, FindClose, CreateFileW, GetFileInformationByHandle, GetFileInformationByHandleEx, CreateDirectoryW, FindFirstFileW, GetFinalPathNameByHandleW, CreateEventW, CancelIo, GetConsoleMode, GetModuleHandleW, FormatMessageW, GetModuleFileNameW, CreateNamedPipeW, ReadFileEx, WaitForMultipleObjects, GetFullPathNameW, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, MultiByteToWideChar, WriteConsoleW, WideCharToMultiByte, CreateThread, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, InitializeSListHead, GetSystemTimeAsFileTime, IsDebuggerPresent, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentThreadId, IsProcessorFeaturePresent |
bcrypt.dll | BCryptGenRandom |
ADVAPI32.dll | RegCloseKey, RegQueryValueExW, RegOpenKeyExW, SystemFunction036 |
secur32.dll | EncryptMessage, DeleteSecurityContext, DecryptMessage, QueryContextAttributesW, FreeContextBuffer, InitializeSecurityContextW, AcquireCredentialsHandleA, FreeCredentialsHandle, ApplyControlToken, AcceptSecurityContext |
ws2_32.dll | freeaddrinfo, WSAGetLastError, WSAIoctl, setsockopt, WSAStartup, WSASend, send, getaddrinfo, recv, shutdown, getsockopt, ioctlsocket, connect, bind, WSASocketW, getsockname, getpeername, WSACleanup, closesocket |
crypt32.dll | CertOpenStore, CertEnumCertificatesInStore, CertCloseStore, CertFreeCertificateChain, CertDuplicateCertificateChain, CertFreeCertificateContext, CertDuplicateCertificateContext, CertVerifyCertificateChainPolicy, CertDuplicateStore, CertAddCertificateContextToStore, CertGetCertificateChain |
ntdll.dll | NtCreateFile, RtlNtStatusToDosError, NtCancelIoFileEx, NtReadFile, NtDeviceIoControlFile, NtWriteFile |
VCRUNTIME140.dll | memset, memcmp, memmove, __current_exception_context, __CxxFrameHandler3, __current_exception, __C_specific_handler, memcpy |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, pow |
api-ms-win-crt-runtime-l1-1-0.dll | exit, _exit, __p___argc, __p___argv, _cexit, _c_exit, _initialize_narrow_environment, _initterm_e, _get_initial_narrow_environment, _configure_narrow_argv, _initialize_onexit_table, _register_onexit_function, _crt_atexit, terminate, _initterm, _seh_filter_exe, _set_app_type, _register_thread_local_exe_atexit_callback |
api-ms-win-crt-stdio-l1-1-0.dll | __p__commode, _set_fmode |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, free |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 20:07:55 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\Copyright_Infringement_Evidence.exe |
Wow64 process (32bit): | false |
Imagebase: | 0x7ff6f37a0000 |
File size: | 2'215'688 bytes |
MD5 hash: | DE2B7EC32D3A5C530E5A1AA6F2B27B16 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:08:01 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72fc60000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 20:08:01 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 20:08:01 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff651090000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 20:08:02 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 20:08:02 |
Start date: | 07/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70df30000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.1% |
Total number of Nodes: | 423 |
Total number of Limit Nodes: | 73 |
Graph
Function overview (address in Copyright_Infringement_Evidence.exe, relevance score, number of API references, number of string references, instruction count, tags). The per-function API, string, memory dump source, IDA plugin and similarity tables are not included here.

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00007FF6F38D6DF0 | 12.4 | 5 | 2 | 152 | network, COMMON
00007FF6F3821DF0 | 17.9 | 4 | 6 | 411 | COMMON
00007FF6F37B6720 | 16.9 | 7 | 4 | 408 | COMMON
00007FF6F37D8A60 | 14.2 | 8 | 1 | 653 | COMMON
00007FF6F37BD7D6 | 11.3 | 4 | 2 | 770 | registry, COMMON
00007FF6F3843AF0 | 9.3 | 1 | 4 | 565 | COMMON
00007FF6F37D9620 | 9.3 | 4 | 2 | 315 | COMMON
00007FF6F37BF4B5 | 7.7 | 3 | 2 | 246 | COMMON
00007FF6F37A2023 | 6.2 | 1 | 3 | 229 | COMMON
00007FF6F3826870 | 4.7 | 1 | 2 | 232 | COMMON
00007FF6F381D440 | 4.7 | 2 | 1 | 178 | COMMON
00007FF6F383A830 | 3.7 | 1 | 1 | 189 | COMMON
00007FF6F37FED40 | 3.6 | 1 | 1 | 137 | registry, COMMON
00007FF6F37B6590 | 3.1 | 1 | 1 | 118 | COMMON
00007FF6F37B33B2 | 29.9 | 15 | 4 | 1401 | COMMON
00007FF6F38F32A0 | 15.7 | 2 | 8 | 728 | COMMON
00007FF6F37AABD7 | 12.7 | 7 | 1 | 703 | COMMON
00007FF6F3888E90 | 8.8 | 1 | 4 | 98 | COMMON
00007FF6F38C6060 | 7.2 | 2 | 2 | 164 | COMMON
00007FF6F38EC7CC | 6.0 | 4 | 0 | 39 | time, thread, COMMON
00007FF6F38945F0 | 3.1 | 2 | 0 | 69 | file, native, COMMON
00007FF6F37A4CC5 | 0.9 | 0 | 0 | 906 | COMMON
00007FF6F38434B0 | 0.4 | 0 | 0 | 396 | COMMON
00007FF6F3835CF0 | 0.4 | 0 | 0 | 360 | COMMON
00007FF6F38E4260 | 0.3 | 0 | 0 | 302 | COMMON
00007FF6F383AF70 | 0.3 | 0 | 0 | 266 | COMMON
00007FF6F381C310 | 0.3 | 0 | 0 | 258 | COMMON
00007FF6F37E88E0 | 0.2 | 0 | 0 | 246 | COMMON
00007FF6F384E2A0 | 0.2 | 0 | 0 | 238 | COMMON
00007FF6F38E2A00 | 0.2 | 0 | 0 | 228 | COMMON
00007FF6F3836A40 | 0.2 | 0 | 0 | 226 | COMMON
00007FF6F384E650 | 0.2 | 0 | 0 | 178 | COMMON
00007FF6F37E8CA0 | 0.2 | 0 | 0 | 177 | COMMON
00007FF6F38EBFA0 | 0.2 | 0 | 0 | 172 | COMMON
00007FF6F37E7E10 | 0.2 | 0 | 0 | 162 | COMMON
00007FF6F37EB440 | 0.1 | 0 | 0 | 144 | COMMON
00007FF6F37E8070 | 0.1 | 0 | 0 | 93 | COMMON
00007FF6F37E81F0 | 0.1 | 0 | 0 | 90 | COMMON
00007FF6F38FA4A0 | 0.1 | 0 | 0 | 52 | COMMON
00007FF6F38FA298 | 0.0 | 0 | 0 | 43 | COMMON
00007FF6F38FA4C8 | 0.0 | 0 | 0 | 34 | COMMON
00007FF6F37FDB80 | 20.0 | 11 | 2 | 465 | COMMON
00007FF6F37CC133 | 10.9 | 4 | 3 | 419 | COMMON
00007FF6F37D6190 | 9.1 | 4 | 2 | 100 | COMMON
00007FF6F3804CB0 | 7.9 | 4 | 1 | 416 | COMMON
00007FF6F38E24A0 | 7.9 | 1 | 4 | 374 | COMMON
00007FF6F3862E50 | 7.8 | 2 | 3 | 309 | COMMON
00007FF6F37BCE30 | 7.7 | 4 | 1 | 195 | COMMON
00007FF6F386EB90 | 7.6 | 3 | 2 | 100 | COMMON
00007FF6F37DA210 | 7.6 | 3 | 2 | 86 | COMMON
00007FF6F38539F0 | 7.2 | 2 | 2 | 175 | COMMON
00007FF6F38D6CC0 | 7.1 | 2 | 2 | 87 | network, COMMON
00007FF6F3807860 | 6.4 | 3 | 1 | 427 | COMMON
00007FF6F382DBC0 | 6.4 | 3 | 1 | 394 | COMMON
00007FF6F37C01E0 | 6.3 | 3 | 1 | 314 | COMMON
00007FF6F3837B10 | 6.3 | 2 | 2 | 301 | COMMON
00007FF6F37A2C0D | 6.3 | 1 | 3 | 262 | COMMON
00007FF6F38376C0 | 6.2 | 3 | 1 | 211 | COMMON
00007FF6F37BBD83 | 6.1 | 3 | 1 | 141 | COMMON
00007FF6F37C0B45 | 6.1 | 1 | 3 | 136 | COMMON
00007FF6F37B54DA | 6.1 | 3 | 1 | 124 | COMMON
00007FF6F37BF910 | 6.1 | 1 | 3 | 123 | COMMON
00007FF6F3862B70 | 6.1 | 3 | 1 | 110 | COMMON
00007FF6F37AADE3 | 6.1 | 3 | 1 | 110 | COMMON
00007FF6F37AADC6 | 6.1 | 3 | 1 | 102 | COMMON
00007FF6F386EA20 | 6.1 | 3 | 1 | 93 | COMMON
00007FF6F386E8B0 | 6.1 | 3 | 1 | 93 | COMMON
00007FF6F37B6E80 | 6.1 | 3 | 1 | 93 | COMMON
00007FF6F37DA340 | 6.1 | 3 | 1 | 91 | COMMON
00007FF6F38BF250 | 5.4 | 2 | 1 | 118 | COMMON
00007FF6F38BF0B0 | 5.4 | 2 | 1 | 104 | COMMON
00007FF6F38D4220 | 5.3 | 2 | 1 | 85 | COMMON
00007FF6F38C1440 | 5.3 | 1 | 2 | 72 | COMMON
00007FF6F38C5F90 | 5.3 | 2 | 1 | 38 | COMMON